What is a proxy?

A proxy is a server or computer that acts as an intermediary between a user and the internet. Proxies can be used for a variety of purposes, such as to improve network performance, to access blocked websites, or to protect a user’s identity and location. For example, a user can connect to a proxy server, which will then make requests on the user’s behalf and return the results to the user. This can help to hide the user’s IP address and location from the websites they are accessing.

(Ed. written by ChatGPT; verified and posted by jrivett)

What is JavaScript?

JavaScript is a programming language that is primarily used to create interactive and dynamic websites. It is a client-side scripting language, which means that the code is executed on the user’s computer rather than on the server. JavaScript can be used to create things like drop-down menus, pop-ups, and interactive forms. It can also be used to create complex web applications and can be used in conjunction with other technologies such as HTML and CSS.

(Ed: written by ChatGPT; verified by jrivett.)

ChatGPT: experiments in writing

As I’m sure you’ve noticed by now, I’m using ChatGPT to generate some posts defining computing terms. I’m labeling them all clearly as generated text, but I’m also checking them carefully before posting.

Checking ChatGPT’s output is extremely important, because one can be lulled into believing that the program knows what it’s talking about. The text it generates always sounds authoritative, even when it’s horribly wrong. And it’s wrong more often than you might imagine.

Note: I’m not going to call ChatGPT an Artificial Intelligence (AI), because it’s nothing of the kind. It’s just a program that is able to generate believable-sounding text, regardless of its accuracy, based on analysis of a crapload of content written by humans. True AI will include this particular skill, just as it will include the ability to play chess, to generate art, to drive cars, to make quick decisions based on unpredictable circumstances, and many thousands more specific skills that humans possess.

A recent post at Futurism does a nice job of providing real-world examples of a mainstream news site (CNET) using ChatGPT to generate articles that sound fine, but include serious errors. In this case, the publisher did not initially identify the generated articles as being from ChatGPT, and while I can understand their reluctance, I think that was a bad call.

The risks of depending on ChatGPT are enumerated in this post from KnowBe4:

  • A big downside to ChatGPT is that its sources are unknown, meaning the creators themselves may not even know where the answers it produces come from. This often leads to incorrect information being given.
  • The concerning thing about this flaw is that the inaccuracies are tough to notice, especially because it sounds confident but can really be utter nonsense.
  • You cannot use ChatGPT to find out if text has been written by ChatGPT. There is no antidote.
  • It cannot detect scams. ChatGPT is a natural language processing tool that can answer questions and generate text based on the input it receives, but it does not have the ability to detect scams or other fraudulent activities.

Meanwhile, when I asked ChatGPT “Can ChatGPT’s writing be relied upon as accurate?” it responded as follows:

ChatGPT is a machine learning model and its accuracy is based on the data it was trained on. It can provide accurate information and responses to a wide range of questions and prompts, but it may not always be completely accurate or up-to-date. It’s always a good idea to verify any information provided by ChatGPT with additional sources.

What is a vulnerability?

A vulnerability is a weakness or gap in a system’s security that can be exploited by an attacker to gain unauthorized access or perform malicious actions. It can refer to a flaw in software, hardware, or a combination of both, that can be exploited to compromise the confidentiality, integrity, or availability of a system or its data. Vulnerabilities can be discovered through various means such as penetration testing, code reviews, or by being reported by external parties.

(Ed: written by ChatGPT; verified by jrivett.)

What is a DoS attack?

A Denial of Service (DoS) attack is a type of cyber attack in which the attacker attempts to make a network resource or website unavailable to users by overwhelming it with a flood of traffic or requests. This can be accomplished by using multiple computers or devices to send a large amount of traffic to the targeted resource, or by exploiting vulnerabilities in the software or hardware running the resource. The goal of a DoS attack is to disrupt normal traffic and make the targeted resource unavailable to legitimate users.

(Ed: written by ChatGPT; verified by jrivett.)

What is a computer trojan?

A Trojan, or Trojan horse, is a type of malware that is disguised as legitimate software. It is called a Trojan because it typically presents itself as something harmless, like a game or utility program, but once executed, it can perform malicious actions on the infected computer. These actions can include stealing sensitive information, downloading and installing other malware, or allowing unauthorized remote access to the computer. Trojans are often distributed through email attachments, instant messaging, and social media, and they can be very difficult to detect and remove.

(Editor’s note: I’m going to keep posting these definitions as long as ChatGPT is able to generate accurate and useful text. I have no plans to allow ChatGPT to take over all of my writing duties.)

What is malware?

Malware, short for malicious software, is any software designed to harm or exploit a computer system. There are many different types of malware, including viruses, worms, Trojans, ransomware, adware, and spyware. Malware can be spread through email attachments, malicious links, infected websites, and other means. It can be used to steal sensitive information, such as login credentials and financial data, disrupt or damage computer systems, and perform other malicious activities. Protecting against malware involves keeping your operating system and antivirus software up to date, being cautious about the emails and links that you open, and avoiding downloading software from untrusted sources.

(Editor’s note: this post was written by ChatGPT, and its veracity checked by me, the human person who runs this site.)

What is ransomware?

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. When the ransomware is installed on a device, it encrypts the files on the device and displays a message that demands payment in exchange for the decryption key that is needed to unlock the files. Ransomware attacks can be particularly damaging to individuals and businesses because they can disrupt access to important data and systems, and they can be costly to remedy. It is important to protect your devices and systems from ransomware by keeping your software and antivirus programs up to date and being careful about the emails and links that you open.

(Editor’s note: in case you hadn’t noticed, this is another guest post from ChatGPT. I’m going to keep posting these, but they will always be clearly labeled as ChatGPT’s work. You can play around with the chatbot yourself, but you’ll need to create an OpenAI account first.)

What is phishing?

Phishing is a type of cyber attack that involves the use of fraudulent emails or websites that appear to be legitimate in order to trick people into revealing sensitive information such as passwords, credit card numbers, and account login details. These attacks often use social engineering techniques to manipulate people into taking action, such as clicking on a malicious link or opening an attachment. Phishing attacks can be difficult to identify because they are designed to look legitimate and can be highly targeted, making them a common and effective method used by cybercriminals to steal sensitive information.

(Editor’s note: This is a guest post by ChatGPT, a chatbot launched by OpenAI in November 2022. I asked it the question “What is phishing?”, and it generated the text above. I verified the response as accurate.)

Also see Phishing – What is it? on the Opera web site. Ars Technica has a post about a particularly nasty phishing web site.

Another breach at a password storage service: LastPass

Using a password manager is still the best way to securely record all your passwords. This assumes that you are in fact using different passwords for every web site and service that require one. If you’re using the same password for everything, you are risking your privacy, financial security, and sanity.

So… which password manager should you use? Most of the major password management services (1Password, LastPass, etc.) store your passwords on their own servers, and there’s no question that this provides some benefits in terms of convenience, with the main one being that you can access your passwords from anywhere. You don’t have to back up your password data or copy it between devices; it’s maintained by the service provider and easily accessible via their web site.

But this convenience comes at a huge cost: the risk that your passwords will be compromised when the service provider experiences a security breach.

A recent breach at LastPass is, sadly, only the most recent example. In this case, the LastPass servers were compromised and attackers gained access to user data. The company first reported the breach in August 2022, but downplayed the impact on users. Their latest announcement finally provides the full story, and acknowledges that the attackers gained full access to user data, including encrypted passwords.

More about the breach from Bruce Schneier.

Although LastPass is to blame for the breach and compromised user data, passwords in the user data obtained by the attackers are all encrypted, and there’s no way to magically decrypt them without knowing the master passwords of individual users. However, that just means that the people who have the data will be using brute-force techniques to crack those passwords. For users whose master password is long and complex, it would take years–if not centuries–to crack, but if your master password is simple or commonly-used, all of your passwords are now known by these attackers.
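To put rough numbers on the difference between a simple and a complex master password, here is an added example (not part of the original post, and not LastPass's code) that estimates how long an exhaustive offline search would take. The guess rate, the key-derivation iteration count, the character-class sizes and the tiny common-password list are all assumptions made up for illustration.

```python
import math
import string

# Assumptions (constructed for this example, not taken from the post):
ASSUMED_RAW_HASHES_PER_SEC = 1e10   # hypothetical attacker hardware
ASSUMED_KDF_ITERATIONS = 100_000    # hypothetical work per guess (key stretching)
SECONDS_PER_YEAR = 365.25 * 24 * 3600
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}  # tiny sample

def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # simplification: printable ASCII symbols plus space
    return size

def search_space_bits(password):
    """Upper bound on guessing effort, in bits. Real human-chosen passwords
    follow patterns, so the true figure is usually lower."""
    if not password or password.lower() in COMMON_PASSWORDS:
        return 0.0  # empty, or found immediately from a wordlist
    return len(password) * math.log2(charset_size(password))

def years_to_exhaust(password,
                     hashes_per_sec=ASSUMED_RAW_HASHES_PER_SEC,
                     iterations=ASSUMED_KDF_ITERATIONS):
    """Worst-case years to try every candidate of this length and alphabet."""
    guesses_per_sec = hashes_per_sec / iterations
    return 2 ** search_space_bits(password) / guesses_per_sec / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed sample passwords, weakest to strongest.
    for pw in ["password", "abc123", "Tr1cky-pass", "T7#mq9Lz!Rw2xVb&"]:
        print(f"{pw!r:22} {search_space_bits(pw):6.1f} bits  "
              f"{years_to_exhaust(pw):.3g} years")
```

Because the estimate assumes every character is chosen at random, treat it as a ceiling: a long password built from a predictable phrase falls far sooner than the figure suggests.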

Something for your to-do list: if you use LastPass, and your master password is easy to crack (check it here), you should immediately change ALL of your passwords.

In my opinion, you’re much better off using password management software that stores its data locally, on your own computer. Then you only need to worry about someone getting access to your computer, which you can actually control.

I’ve long recommended Password Corral for Windows users. It’s simple, secure, and free, and it stores its data locally only.

Other password managers that use only local storage include PasswordSafe, KeePassXC, and KeeWeb. Password managers that can be used with local storage include RoboForm and Sticky Password.

And remember that when you use a ‘cloud’ service, you’re just storing your data on a total stranger’s computer, which may or may not be managed and secured competently, and which you have basically no control over. Cloud stuff is convenient, but the risks of using it indiscriminately are enormous.
